Tuesday, January 20, 2015

No more poodles! Part II

In the previous post I left you right after the Apache HTTP Server 2.4 installation. We have a few steps left to complete.

Configure Apache 2.4

Apache 2.4 has a different set of packages and is not compatible with some old modules (e.g. mod_perl). Even if we will not use the old system configuration, it's a good time to make a system backup (or take a system snapshot). At a minimum, make a copy of the /etc/httpd directory.

For SSL configuration I prefer to keep all global parameters in the standard file and separate the virtual host definitions.
For the sake of document size I have removed all standard comments from the default httpd-ssl.conf and kept the essentials.

Now we have Apache HTTP Server 2.4 up and running. Let’s check application access through SSL.

Restrict access to applications.

To disable or limit access over plain protocols we need to protect ports at the system level with the iptables firewall. First of all, let's check whether the firewall is enabled on your system. You can do it from an X session with the command:

# system-config-securitylevel

Or check service iptables status:

# service iptables status

If the firewall is disabled on your system, I would recommend enabling it from the security level configuration utility and then modifying the /etc/sysconfig/iptables file.
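
One way to review the result of editing /etc/sysconfig/iptables, as an added example that is not part of the original post: it lists the TCP ports a ruleset accepts and checks that plain HTTP (port 80) is not open to every source. The ruleset is a constructed sample in iptables-save format; the function names and the 192.0.2.0/24 source are assumptions, and the parser only handles rules with a single --dport and ignores rule order and chain policy.

```shell
#!/bin/sh
# Added example: audit an iptables-save style ruleset for plain-protocol exposure.

# Print "port source" for every TCP ACCEPT rule that names a destination port.
# source is "any" when the rule has no -s/--source match.
accepted_tcp_ports() {
    awk '
        /^-A / {
            port = ""; src = "any"; tcp = 0; accept = 0
            for (i = 1; i <= NF; i++) {
                if (($i == "-p" || $i == "--protocol") && $(i+1) == "tcp") tcp = 1
                if ($i == "--dport" || $i == "--destination-port") port = $(i+1)
                if ($i == "-s" || $i == "--source") src = $(i+1)
                if (($i == "-j" || $i == "--jump") && $(i+1) == "ACCEPT") accept = 1
            }
            if (tcp && accept && port != "") print port, src
        }' "$1"
}

# Return 0 when port $2 is NOT accepted from every source in ruleset file $1.
port_closed_to_world() {
    ! accepted_tcp_ports "$1" | grep -q "^$2 any\$"
}

# Constructed sample ruleset (not taken from the post): HTTPS open to all,
# plain HTTP limited to one assumed management network.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.0.2.0/24 -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF

accepted_tcp_ports "$SAMPLE"
port_closed_to_world "$SAMPLE" 80 && echo "port 80 is not open to every source"
port_closed_to_world "$SAMPLE" 443 || echo "port 443 is open to every source"
```

To check a live system, pass /etc/sysconfig/iptables to the functions instead of the sample file.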